Changing secrets of kiali in istio is not working

1.8k views Asked by At

I have deployed istio in my eks cluster with demo profile. demo has kiali deployment with it. The access secret for kiali dashboard is ( username:admin,password:admin ).I was able to access my dashboard with this credentials. Then I created my own secrets.

$ echo shajaltest | base64
$ c2hhamFsdGVzdAo=

Deleted the secrets for kiali.

$ kubectl delete secrets kiali -n istio-system

Deployed the secrets again with this yaml

apiVersion: v1
kind: Secret
metadata:
  name: kiali
  namespace: istio-system
  labels:
    app: kiali
type: Opaque
data:
  username: c2hhamFsdGVzdAo=
  passphrase: c2hhamFsdGVzdAo=

After all of that I deleted the pod of kiali. After that I can not access my dashboard with this username and password. What should I do ?

I also checked the secrets of kiali. It has updated with recent secret value.

Here is the log of kiali pod.

I0408 18:30:30.194890       1 kiali.go:66] Kiali: Version: v1.15.1, Commit: 
3263b7692bcc06ad40292bedea5a9213e04aa9db
I0408 18:30:30.195179       1 kiali.go:205] Using authentication strategy [login]
I0408 18:30:30.195205       1 kiali.go:87] Kiali: Console version: 1.15.0
I0408 18:30:30.195212       1 kiali.go:286] Updating base URL in index.html with [/kiali]
I0408 18:30:30.195376       1 kiali.go:267] Generating env.js from config
I0408 18:30:30.197274       1 server.go:57] Server endpoint will start at [:20001/kiali]
I0408 18:30:30.197285       1 server.go:58] Server endpoint will serve static content from [/opt/kiali/console]
I0408 18:30:30.197297       1 metrics_server.go:18] Starting Metrics Server on [:9090]
I0408 18:30:30.197367       1 kiali.go:137] Secret is now available.
1

There are 1 answers

3
Jakub On BEST ANSWER

Have you tried to follow the istio documentation about changing the credentials in kiali?


I made a reproduction of your issue with below steps and everything worked just fine.

Enter a Kiali username when prompted:

KIALI_USERNAME=$(read -p 'Kiali Username: ' uval && echo -n $uval | base64)

Enter a Kiali passphrase when prompted:

KIALI_PASSPHRASE=$(read -sp 'Kiali Passphrase: ' pval && echo -n $pval | base64)

To create a secret, run the following commands:

NAMESPACE=istio-system

cat <<EOF | kubectl apply -f -
apiVersion: v1
kind: Secret
metadata:
  name: kiali
  namespace: $NAMESPACE
  labels:
    app: kiali
type: Opaque
data:
  username: $KIALI_USERNAME
  passphrase: $KIALI_PASSPHRASE
EOF

And simply recreate the kiali pod with

kubectl delete pod <name_of_the_kiali_pod> -n istio-system

EDIT

As @Shajal Ahamed mentioned in comments the problem was absence of -n, if you want to use just echo, then use.

echo -n username | base64
echo -n passphrase | base64